6 matches found
pidgen2 (>=0.3.15 <=0.3.20), xrootd-utils (=0.1.0) +1 more potentially affected by unknown CVE via xrootd (>=4.12.7 <=5.8.2)
xrootd PYPI version =4.12.7, =0.3.15, =0.2.2, =1.0.0a1 Source cves: unknown CVE Source advisory: OSV:GHSA-VJ8V-P5VW-M6V5...
GHSA-VJ8V-P5VW-M6V5 xrootd has path traversal in directory listing that allows access to the parent directory via trailing ".." pattern
Summary: A path traversal vulnerability in XRootD allows users to escape the exported directory scope and enumerate the contents of the parent directory by appending /.. (specifically without a trailing slash) to an exported path in xrdfs ls or HTTP PROPFIND requests. This bypass ignores the all.expor...
EUVD-2017-1488
Malware in sbrugna...
The vulnerability of the XRootD file server arises from the lack of measures to clean incoming data during LDAP requests, allowing an attacker to execute arbitrary code.
The vulnerability of the XRootD file server is related to the lack of measures to sanitize input data when processing LDAP requests. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2017-1000215
ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution...